
Dima Kovalenko - Modern SSL Pinning

OWASP Kyiv
December 04, 2017

Video: https://www.youtube.com/watch?v=MeZINw4GnGM
OWASP Kyiv Winter 2017 Meetup, Dec 2, 2017
https://www.owasp.org/index.php/Kyiv


Transcript

1. Agenda

   1. Seasons in the sun
   2. Smelly breath of SSL
   3. SSL pinning versus SSLKillSwitch
   4. Modern techniques to sniff/prevent sniffing SSL traffic
   5. Summary
2. Seasons in the sun

   From the beginning of the iPhone era to 2010:
   • HTTP everywhere
   • HTTPS is a very rare beast
   • Any HTTP sniffer can see applications' traffic
   Life is good!
3. Smelly breath of SSL

   Starting from 2010, more and more iOS apps use SSL. However:
   • HTTP is still the core protocol, now carried over SSL
   • iOS applications trust the system certificate store
   So SSL is used mostly to prevent MitM attacks by third parties (stealing passwords, cookies etc.), not to prevent sniffing of traffic from your own device.
4. Smelly breath of SSL

   In 2010, the way to bypass SSL is simple:
   1. Generate a CA certificate for your sniffer
   2. Add the certificate to the iOS system certificate store
   3. Use the certificate in your sniffer to issue per-host certificates
5. SSL pinning versus SSLKillSwitch

   SSL certificate pinning has been widely used since about 2012.
   1. HTTP is still the core protocol for many iOS apps, but...
   2. ...the apps do not trust the system certificate store anymore!
6. SSL pinning versus SSLKillSwitch

   So:
   1. Each app has its own "per-app" certificate store.
   2. There is no common implementation of these per-app stores (apps hardcode certificates, keep them in external files, fetch them on first start and save them to the app's settings, etc.).
   3. There is no common way to sniff SSL traffic anymore!
7. SSL pinning versus SSLKillSwitch

   In July 2012, Alban "nabla" Diquet saves the day! His research shows that:
   1. Most iOS apps (and even iOS itself) use the same system functions to validate certificates
   2. Those functions can be hooked/patched to make any certificate appear valid
8. SSL pinning versus SSLKillSwitch

   nabla's tool, called SSLKillSwitch, is a MobileSubstrate extension. It hooks 3 important functions of the iOS SSL stack (Secure Transport):
   • SSLSetSessionOption(...)
   • SSLCreateContext(...)
   • SSLHandshake(...)
   Of course, SSLKillSwitch is not the only tool of this kind, but I believe it was the first and is the most used.
9. Modern techniques to sniff/prevent sniffing SSL traffic

   Starting in 2016, iOS app developers began to implement custom SSL validation techniques, including:
   1. Pinning public keys (SubjectPublicKeyInfo, SPKI) instead of whole certificates
   2. Client-side certificates
   3. Integrity checks of the iOS SSL stack functions...
   4. ...and so on
   SSLKillSwitch and similar tools are no longer the absolute weapon against SSL pinning!
10. Modern techniques to sniff/prevent sniffing SSL traffic

   [Demo 2: hook SSLRead/SSLWrite and sniff Apple Push traffic]
11. Modern techniques to sniff/prevent sniffing SSL traffic

   [Demo 3: patch Instagram's embedded OpenSSL-based SSL framework and sniff the traffic]